Cyber-compromised data recovery : The more likely disaster recovery use case.

Abstract

To extort a ransom payment, ransomware actors must make the threat sufficiently compelling that payment seems like the only option. This is achieved by encrypting or disabling a company's data replicas and backups as well as its production data - data that are essential to the organisation's success. To prevent this happening, it is essential to extend one's thinking beyond the organisation's cyber security incident response plan and disaster recovery programme and give active consideration to a cyber incident recovery risk management (CIR-RM) programme. This paper explores what this requires, including the right thinking, the right approach, the right team and the right plan.